If the attacker has the xpub then it's definitely much easier and it should be possible in one sig. Your aglo looks right. You can also do it in a single address reuse.
https://x.com/LLFOURN/status/1733992948294181299
The reason we thought this attack was notable and worth disclosing is that it doesn't depend whatsoever on the user's behavior or precautions (i.e. not giving out xpubs).
llfourn / Zero-Knowledge Goof
npub1xh…9gst6
2024-08-06 02:14:06
in reply to nevent1q…7nsm
Author Public Key
npub1xh897wvhn93tda0zws94mdyc7eagc8qm0798clp7x48zh6kjwazq29gst6Published at
2024-08-06 02:14:06Event JSON
{
"id": "6ceb808e6266b3e58b7425480ee3c32a30ed2b1bd51e3e8fff3419e77e9acdb2",
"pubkey": "35ce5f39979962b6f5e2740b5db498f67a8c1c1b7f8a7c7c3e354e2bead27744",
"created_at": 1722903246,
"kind": 1,
"tags": [
[
"e",
"8d615d7d3192fd161bfbd8587e2d9541a8eac4c3b6a4b25f209e12d2169223bb",
"wss://bouncer.nostree.me",
"root"
],
[
"p",
"675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728"
]
],
"content": "If the attacker has the xpub then it's definitely much easier and it should be possible in one sig. Your aglo looks right. You can also do it in a single address reuse.\n\nhttps://x.com/LLFOURN/status/1733992948294181299\n\nThe reason we thought this attack was notable and worth disclosing is that it doesn't depend whatsoever on the user's behavior or precautions (i.e. not giving out xpubs).",
"sig": "8ddeac70e0e57185c7158286a43839192b37f374d9270c91838c35e20f662751728d09b979bf3e63be825796dfb65dde5e4fff945ef5a17acc195164d8933421"
}